[Secure-testing-commits] r41897 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu May 19 19:56:38 UTC 2016
Author: carnil
Date: 2016-05-19 19:56:38 +0000 (Thu, 19 May 2016)
New Revision: 41897
Modified:
data/CVE/list
Log:
Mark CVE-2016-2568 as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-19 19:37:39 UTC (rev 41896)
+++ data/CVE/list 2016-05-19 19:56:38 UTC (rev 41897)
@@ -6289,6 +6289,8 @@
CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl]
RESERVED
- policykit-1 <unfixed> (bug #816062)
+ [jessie] - policykit-1 <no-dsa> (Minor issue)
+ NOTE: Restricting ioctl on the kernel side seems the better approach
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746
CVE-2016-2558 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
TODO: check
More information about the Secure-testing-commits
mailing list